Are cases of access in excess of authorization involving federal employees snooping in databases treated too lightly? Levi Pulkkinen reports on a case where some may think that a federal employee who misused access to the IRS database got off too lightly:

An IRS worker accused of using the agency’s service database to snoop on her ex-husband and others is expected to plead guilty to a misdemeanor charge Tuesday.

Now retired, IRS technician Jeanne Desozier is alleged to have continued using IRS resources to look up personal information of at least three people even after she was caught reviewing her ex-husband’s tax return.

Federal prosecutors in Seattle claim Desozier, 63, looked up the contact information of two relatives and a friend, all of whom she had lost touch with. An IRS employee of five years, Desozier is not alleged to have misused the information for financial gain.

Desozier is expected to plead guilty and be sentenced Tuesday before U.S. Magistrate Judge James Donohue at the federal courthouse in Seattle, according to court documents.

Asking that Desozier be sentenced to one year of probation, Assistant U.S. Attorney Kate Vaughn argued the technician abused the public trust.

Keep in mind that the employee continued to engage in such access even after she had been caught the first time:

Desozier received a 30-day suspension in 2008 after she was caught viewing her ex-husband’s tax return while at work. That warning, prosecutors now contend, did not stick, as Desozier viewed tax documents filed by three other people.

Apparently the charges only rise to the level of a misdemeanor. And while some of us might think the ex-employee is getting off too lightly, there’s actually some precedent for a one-year probation sentence, as State Department employees who snooped in celebrities’ passport files also generally got one year probation. In the State Department cases, ex-employees also often were also fined or sentenced to community service. In this case, the prosecutor is only seeking probation.

Suggesting that probation would be too severe a punishment, Desozier’s defense attorney suggested Desozier only “committed a technical violation.” Desozier was forced to retire as a consequence, federal public defender Dennis Carroll told the court, and now will have to live with the “stain” of a criminal conviction after a crime-free life.

So.. what do you think the consequences should be – apart from being fired? In the U.K., we’ve seen employees fined or prosecuted criminally to face real jail time. What should happen here?

Desozier was not charged under the Computer Fraud and Abuse Act, which is just as well in light of the recent 9th Circuit decision in Nosal, as there was no indication of any financial gain or fraud involved.